Can big data nab network invaders?

Big data brings big hopes about catching stealthy intruders going after sensitive data

By , Network World
March 07, 2012 04:00 PM ET

Page 2 of 2

"People can't get the answers they want from SIEM tools," said Forrester analyst John Kindervag. He said something new is going to have to happen, in which SIEM tools might be a part.

Of all the analysts on the RSA panel, Jon Oltsik of Enterprise Strategy Group appeared the most skeptical that Big Data is going to be the answer to the APT problem.

"My fear is we'll capture more data and not know what to do with it," Oltsik commented. He said chief information security officers (CISO) in the enterprise today aren't sold on the idea that Big Data is going to somehow be a special boon to security. "When I talk to CISOs and ask about Big Data, they laugh," he commented.

Still, some early adopters of big data security approaches are hopeful.

Zions Bancorporation has set up a massive repository for proactively analyzing a combination of real-time security and business data in order to identify phishing attacks, prevent fraud and ward off hacker intrusions. Announced last October, it's based on the Zettaset Data Warehouse, which makes use of Hadoop for data-intensive distributed applications. Preston Wood, chief security officer at Zions, has described it as a way to augment a SIM tool and look at massive amounts of historical business data for security purposes.

SIEM vendors, including NetIQ, say they know the buzz around big data and security is just beginning.

"This is where SIEM has to go," said Matt Ulery, director of product management at NetIQ, maker of the SIEM called Sentinel. Ulery said the industry is starting on a path to re-invent SIEM by incorporating business intelligence. Big Data could detect what's out of a normal pattern, says Ulery, noting Sentinel 7.0 does incorporate more context for data.

"But how do you define the good?" Ulery asked, pointing out an attacker "will take over an account, so the question is, is that the employee or the attacker?" He said stealthy attack actions may only pop up for a few seconds at most every day, so the goal is to distinguish the trusted insider from the attacker. Big Data may be able to provide a lot of assistance in that.
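The "is that the employee or the attacker?" question Ulery raises is, in practice, a baseline comparison: historical activity defines what is normal for each account, and new events are scored against it. The sketch below is an added illustration, not code from the article or from any vendor named in it; the log records, account names and hosts are constructed, and the two-deviation threshold is an assumption chosen for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed historical records (not from the article): (account, ISO timestamp, source host)
HISTORY = [
    ("alice", "2012-02-01T09:12:00", "ws-alice"),
    ("alice", "2012-02-02T10:05:00", "ws-alice"),
    ("alice", "2012-02-03T17:40:00", "ws-alice"),
    ("bob", "2012-02-01T08:30:00", "ws-bob"),
    ("bob", "2012-02-02T18:55:00", "vpn-gw1"),
]

def build_baseline(records):
    """Per account: the hours of day and source hosts seen in the historical data."""
    baseline = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for account, ts, host in records:
        hour = datetime.fromisoformat(ts).hour
        baseline[account]["hours"].add(hour)
        baseline[account]["hosts"].add(host)
    return baseline

def score_event(baseline, account, ts, host, tolerance=1):
    """Return the ways an event deviates from its account's baseline (empty if normal).
    An hour within `tolerance` hours of a previously seen hour counts as normal."""
    profile = baseline.get(account)
    if profile is None:
        return ["unknown account"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if all(abs(hour - h) > tolerance for h in profile["hours"]):
        reasons.append(f"hour {hour:02d} outside usual window")
    if host not in profile["hosts"]:
        reasons.append(f"unseen source host {host}")
    return reasons

def flag_events(baseline, events, min_reasons=2):
    """Events with at least `min_reasons` deviations (assumed threshold) are the
    employee-or-attacker cases worth an analyst's attention; return them with reasons."""
    flagged = []
    for account, ts, host in events:
        reasons = score_event(baseline, account, ts, host)
        if len(reasons) >= min_reasons:
            flagged.append((account, ts, reasons))
    return flagged

# Constructed new events: one normal, one off-hours from an unseen host, one within tolerance
NEW_EVENTS = [
    ("alice", "2012-03-05T09:30:00", "ws-alice"),
    ("alice", "2012-03-06T03:14:00", "srv-unknown"),
    ("bob", "2012-03-05T19:20:00", "vpn-gw1"),
]
```

A real deployment would replace the hour/host sets with richer features and a historical window, but the shape is the same: the baseline is the definition of "the good" the article says SIEM vendors are struggling to produce.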

But Ulery adds that there appear to be many practical reasons why the big data concept for security is going to face obstacles.

One practical obstacle is the current push to put enterprise data into cloud computing, which is making things harder for the traditional SIEM approach that has been used on premises inside the enterprise network. Another obstacle is that security managers hopeful about Big Data will be in the position of drawing up data-management strategies and recommendations about something that remains very cutting-edge today. In an era where other corporate issues, such as whether to adopt "Bring Your Own Device" for mobile devices, are already a big topic with management, adding big data could be a hard sell.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
